fetch-tool fails and incorrectly retries when cached token is expired

[vladsud]

Fluid-fetch tool throw me this error 3 times before giving up.
Re-running it with --forceTokenReauth fixed the problem, but that's bad user experience - it should detect expired token and do right things automatically.
Also in general, 400 is non-retryable code (which should be properly indicated by canRetry property on error object) -we should not retry (even 3 times). Other (retryable) errors need retries.

Hit error while downloading ops. Retrying
Error: Unable to get access token.
at Object.createErrorFromResponse (E:\FluidFramework\packages\utils\odsp-utils\dist\odspRequest.js:48:19)
at fetchTokens (E:\FluidFramework\packages\utils\odsp-utils\dist\odspAuth.js:43:29)
at processTicksAndRejections (internal/process/task_queues.js:97:5)
at async refreshTokens (E:\FluidFramework\packages\utils\odsp-utils\dist\odspAuth.js:64:23)
at async Object.refreshTokenFn (E:\FluidFramework\packages\utils\odsp-utils\dist\odspAuth.js:27:5)
at async Function.timedExecAsync (E:\FluidFramework\packages\utils\telemetry-utils\dist\logger.js:378:25)
at async E:\FluidFramework\packages\drivers\odsp-driver\dist\vroom.js:23:23 {
requestResult: {
href: 'https://login.microsoftonline.com/organizations/oauth2/v2.0/token',
status: 400,
data: {
error: 'invalid_grant',
error_description: 'AADSTS700082: The refresh token has expired due to inactivity. The token was issued on 2020-04-09T20:43:30.4835848Z and was inactive for 90.00:00:00.\r\n' +
'Trace ID: f1dd6095-2339-4a56-b850-508508f10000\r\n' +
'Correlation ID: f72f62b1-385e-4d57-b320-a8f0a6ec1dc8\r\n' +
'Timestamp: 2020-09-05 01:06:05Z',
error_codes: [Array],
timestamp: '2020-09-05 01:06:05Z',
trace_id: 'f1dd6095-2339-4a56-b850-508508f10000',
correlation_id: 'f72f62b1-385e-4d57-b320-a8f0a6ec1dc8',
error_uri: 'https://login.microsoftonline.com/error?code=700082'
}
}
}
ERROR: Error: Giving up after 3 attempts to download chunk.
at loadChunk (E:\FluidFramework\packages\tools\fetch-tool\dist\fluidFetchMessages.js:48:11)
at processTicksAndRejections (internal/process/task_queues.js:97:5)

[jatgarg]

@vladsud For expired token, why are we getting 400? Shouldn't we get 401 or 403?

[vladsud]

@jatgarg, here is my naive understanding of it:
There are two types of tokens - refresh & access token.
401 & 403 are for access token expiration. Access token can be refreshed if refresh token is still valid.
400 here happens because refresh token is expired.
These types of rejections are happening at different levels, and by different servers.
Useful starting point:
https://stackoverflow.com/questions/38986005/what-is-the-purpose-of-a-refresh-token

[jatgarg]

Closed by mistake.